NFTDefects / nftdefects

Definition and Detection of Defects in NFT Smart Contracts

Home Page:https://dl.acm.org/doi/10.1145/3597926.3598063

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Static Badge Static Badge Static Badge Documentation License: Apache GitHub Actions Workflow Status GitHub forks GitHub forks


NFTDefects

1. Datasets for defining NFT-related contract defects.
2. Tool NFTGuard for detecting NFT contract defects.

Prerequisites

  • Python >= 3.6.

  • evm >= 1.10.21. Download version 1.10.21 (tested) from go-ethereum and add executable bins in the $PATH.

    wget https://gethstore.blob.core.windows.net/builds/geth-alltools-linux-amd64-1.10.21-67109427.tar.gz
    tar -zxvf geth-alltools-linux-amd64-1.10.21-67109427.tar.gz
    cp geth-alltools-linux-amd64-1.10.21-67109427/evm /usr/local/bin/ #$PATH
  • solc. Recommend solc-select to manage Solidity compiler versions.

    pip3 install solc-select

Install

  1. Python dependencies installation.
pip3 install -r requirements.txt
  1. Or you can build or pull the docker image.
docker build -t nftdefects:local . # local build
docker pull ghcr.io/nftdefects/nftdefects:latest # remote pull

Usage

Local

To test one solidity file, use -cnames to specify contract name.

python3 tool.py -s test/token.sol -cnames token -j -glt 200 -ll 100 -dl 500

To test a specifc function, use -fselector to specifiy the function selector (-as option is provided for automatical solc version switch).

python3 tool.py -s test/toadz.sol -cnames CreatureToadz -fselector 40c10f19 -as

For solidity project (supports newest version crytic-compile toolset). Remember to use remap to link the outside libraries (openzeppelin, etc).

python3 tool.py -s "path/to/.sol" -rmp "remapping/import_lib/path" -cnames "contract name"
# example
python3 tool.py -s test/8liens/contracts/8liens/8liensMinter.sol -rmp erc721a=test/8liens/erc721a @openzeppelin=test/8liens/@openzeppelin -cnames \$8liensMinter -ll 50 -glt 60

Other utils: contract/project source code crawler (with complete code structure) from EtherScan. See crawler.py. The utils can help recover the original structure of the DApp contracts to be fed into NFTGuard with remap configuration.

python3 crawl.py --dir ./0x --caddress 0x # 0x is the contract address

Usage in the NFTGuard CLI.

python3 tool.py -caddress 0xa4631a191044096834ce65d1ee86b16b171d8080 -cnames CreatureToadz -fselector 40c10f19

Docker

For the docker image, run with the following command.

docker run -v test:/NFTGuard/test ghcr.io/nftdefects/nftdefects:latest -s test/token.sol -cnames token -j

Publication

This repository was proposed in the ISSTA'23 paper, and we would really appreciate for your citation if this repo helps you.

@inproceedings{yang2023definition,
  title={Definition and Detection of Defects in NFT Smart Contracts},
  author={Yang, Shuo and Chen, Jiachi and Zheng, Zibin},
  booktitle={Proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis},
  pages={373--384},
  year={2023}
}

📝 License

Copyright © 2024 Shuo Yang.
This project is Apache licensed.

About

Definition and Detection of Defects in NFT Smart Contracts

https://dl.acm.org/doi/10.1145/3597926.3598063

License:Apache License 2.0


Languages

Language:Python 99.3%Language:Dockerfile 0.7%